HP Finds Malware Attack Likely Built With Generative AI

AI-assisted malware attack targets French users: HP’s Wolf Security researchers have uncovered a malicious email campaign likely developed with the help of generative AI, raising concerns about the evolving landscape of cybersecurity threats.

• In June, HP’s anti-phishing system, Sure Click, flagged an unusual email attachment targeting French language users.
• The attachment contained an HTML file that, when accessed with the correct password, revealed a ZIP archive containing AsyncRAT malware.
• AsyncRAT is an open-source remote access tool that can be misused to control victims’ computers remotely.

Unusual code characteristics raise suspicions: The malicious code found in the email attachment exhibited atypical features that led researchers to believe it was created using generative AI.

• Unlike typical malware, the JavaScript and ZIP archive code were not obfuscated, making them easily readable.
• The code contained detailed comments describing the function of each line, which is rare in malware as attackers usually aim to make their code difficult to understand.
• The structure, consistent comments, and choice of function names and variables strongly suggest the involvement of generative AI in developing the scripts.

Broader implications for cybersecurity: This discovery highlights the potential for generative AI to lower the barrier to entry for cybercriminals and reshape the threat landscape.

• Other companies, including OpenAI and Microsoft, have also observed state-sponsored hackers using generative AI to refine phishing attacks and conduct research.
• In April, cybersecurity provider ProofPoint identified another case where hackers possibly used generative AI to develop a PowerShell script for malware delivery.
• HP security researcher Patrick Schläpfer emphasized the significance of this finding, noting that while speculation about AI use by attackers is widespread, concrete evidence has been scarce.

Industry perspectives on AI-assisted attacks: While some experts see this as a significant development, others remain cautious about attributing attacks to AI definitively.

• HP’s report suggests that generative AI could potentially “lower the bar” for cybercriminals to spread malware.
• However, Google’s VirusTotal is more skeptical, with researcher Vicente Diaz pointing out the difficulty in distinguishing between code copied from various sources and that generated by AI.
• This uncertainty highlights the challenges in accurately identifying and attributing AI-assisted cyberattacks.

Analyzing deeper: The double-edged sword of AI in cybersecurity: While the use of generative AI in malware development raises concerns, it also presents opportunities for improving cyber defenses and detection mechanisms.

• As attackers potentially leverage AI to create more sophisticated threats, cybersecurity professionals may need to adapt their strategies and tools to keep pace.
• The incident underscores the importance of continued research and collaboration within the cybersecurity community to understand and mitigate AI-assisted threats.
• Moving forward, balancing the benefits of AI in cybersecurity with its potential misuse will likely become an increasingly critical challenge for industry professionals and policymakers alike.